| शीर्षक | 546669204 vps-inventory-monitoring <=98c00b3 Code Injection / Eval Injection |
|---|
| विवरण | A vulnerability was found in 546669204 vps-inventory-monitoring. It has been classified as critical. Affected is the VpsTest console command in the file app/index/command/VpsTest.php. The manipulation of the argument vf (validation function) with user-supplied PHP code leads to code injection via eval(). An authenticated attacker submits arbitrary PHP through POST /index/index/edit; the payload is stored in the xm_index.vf database column and is subsequently executed by the scheduled php think VpsTest task, resulting in remote code execution under the privileges of the cron/web user. The attack can be launched remotely and requires a low-privileged user account. The exploit has been disclosed to the public and may be used. |
|---|
| स्रोत | ⚠️ https://github.com/dntyfate/cve/issues/2 |
|---|
| उपयोगकर्ता | zyhhoward (UID 97563) |
|---|
| सबमिशन | 24/04/2026 04:14 AM (1 महीना पहले) |
|---|
| संयम | 22/05/2026 07:47 PM (29 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365249 [546669204 vps-inventory-monitoring तक 98c00b370668c96ae75e91c15548d9ea113652d9 VpsTest Console VpsTest.php eval vf अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|